SSO Assignment: Inline policy documentation

answerdigital · Jan 28, 2024 · 70b4027 · 70b4027
1 parent c007766
commit 70b4027
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/modules/aws/sso_account_assignment/README.md b/modules/aws/sso_account_assignment/README.md
@@ -67,3 +67,28 @@ module "iam_example" {
   }
 }
 ```
+
+You can also provide inline IAM policies:
+
+```hcl
+data "aws_iam_policy_document" "example" {
+  statement {
+    actions = [
+      "s3:ListAllMyBuckets",
+      "s3:GetBucketLocation",
+    ]
+
+    resources = ["arn:aws:s3:::*"]
+  }
+}
+
+module "iam_example" {
+  # ...
+
+  permission_sets = {
+    S3BucketAccess = {
+      inline_policy = data.aws_iam_policy_document.example.json
+    }
+  }
+}
+```